
Analysis Based Multi-Cloud Interconnection on Sky Computing


Academic year: 2020


Copyright © 2013 IJECCE, All right reserved


Vani.N, J.Gayatri, Radha.N, A. Anitha

Visveswaraya Technology University Dept of CSE RYMEC Engineering College, Bellary [email protected],[email protected],{radhamtechbi, anitha.harivi}@gmail.com

Abstract – Sky computing benefits business and scientific applications by reducing hardware cost and the cost of investing in infrastructure and software for managing huge databases, such as those of Google or Amazon. Sky computing improves efficiency and performance across multiple clouds. It makes the interconnection of multiple clouds possible and provides interoperability and connection between different types of clouds, such as private, public and hybrid clouds. Security is ensured in sky computing with a different algorithm implemented on trusted clouds. Sky computing provides HPC (High Performance Computing), HA (High Availability) and HT (High Tolerance) to end users. It provides services such as IaaS (Infrastructure as a Service), SaaS (Software as a Service) and PaaS (Platform as a Service) on multiple clouds to support different types of application. Sky computing is a pay-and-use model. The combination of multiple clouds into one large combined cloud is called sky computing. The techniques are implemented in ViNe and TinyViNe, virtual network technologies for distributed resources in different administrative domains.

Keywords – ViNe, TinyViNe, VR.

I. INTRODUCTION

Sky Computing model allows the creation of large scale infrastructure using resources from multiple clouds [1].

Fig.1.1. Sky computing

The challenges of sky computing are inter-cloud communication, inter-cloud management, efficient distribution of tasks, tolerance to node failures, and parallel execution of applications [2]. A federation of multiple clouds creates large-scale infrastructures such as scientific software [2]. The combined use of multiple clouds requires resources, applications and platforms across independent clouds. XaaS Cloud is an abstraction as service [2]. ViNe is a virtual network based on an IP overlay that enables all-to-all communication between virtual machines spread across multiple clouds. Hadoop is used for parallel fault-tolerant execution and dynamic cluster extension [3].

Fig.1.2. Multi-Cloud Consumer System

Nimbus is an open-source toolkit focused on providing Infrastructure-as-a-Service (IaaS). To achieve this we focus on three major factors:

• Enable providers of resources to build private IaaS clouds.

• Enable users to use IaaS clouds.

• Enable developers to extend, experiment with and customize IaaS [1].

Fig.1.3. Data Center Interconnection

Data Center Interconnect (DCI) solutions address business continuity [7]. The type of network interconnection between the remote data centers that handle the cloud infrastructure needs to be as resilient as possible and must be able to support any new connections where resources may be used by different services [7].

Four technical services are essential to supporting the high level of flexibility, resource availability, and transparent resource connectivity required for cloud computing:

• The Layer 3 network offers the traditional routed interconnection between remote sites and provides end-user access to cloud services.

• The extended LAN between two or more sites offers transparent transport and supports application and operating system mobility.

Fig.1.4. Architecture of sky computing

Fig.1.5. Encapsulation used in TCP/IP and Virtual Network Diagram

II. CHALLENGES

Connectivity:

Connectivity across different service providers and over heterogeneous resources under different administrative domains has security and performance implications [4]. Connectivity is constrained by packet filtering and network address translation, and limited by the lack of publicly accessible addresses, for example behind firewalls [2]. Across different administrative domains, management coordination is very difficult. Another connectivity problem is sandboxing, which disables direct data link layer (L2) communication. It does not provide node-to-gateway communication.

Performance:

Overlay network processing affects performance on multiple clouds [1]. To minimize performance degradation, compute resources should avoid overlay network processing [2]. The study shows that it is possible for user-level network virtualization software to perform with low overheads [6].

Service levels:

Sky computing requires on-demand creation of isolated networks over heterogeneous resources [1]. There are three services:

• Traffic from the user to the server.

• Traffic from the server to the user.

• Traffic from server to server.

Fig.2.1. Three communication types

III. PROPOSED SYSTEM

The proposed system is an analysis of the routing software used for multi-cloud connectivity, ViNe and TinyViNe, of the performance of security in trusted cloud computing, and of the performance of the Map Reduce algorithm. Sky computing requires connecting multiple different clouds and making them interoperable with each other using efficient routing techniques, and security measures need to be considered to provide integrity of data.

IV. VINE

ViNe is user-level network routing software that creates overlay networks using the cloud infrastructure. ViNe provides flexibility in cloud deployment [3]. ViNe is a solution to connectivity, security and performance problems. It provides connectivity across different administrative domains in multisite scenarios [4]. To address these issues and provide connectivity across different service providers at low cost with high performance and security, we prefer ViNe (Virtual Networking overlay), which provides end-to-end connectivity among nodes on the overlay networks [3] [4]. The throughput of ViNe is greater than 800 Mbps, and it has low overhead within LAN traffic boundaries [4]. Network virtualization software is required on all nodes, and network virtualization overhead is involved in inter- and intra-site communication [2]. ViNe is complex to configure and operate. Its node-to-VR communication is limited because it uses L2 communication.

Fig.4.2. ViNe Routing

Table 4.1: VNID

HOST           VNID
172.16.0.10    2237
172.16.0.20    8000
172.16.0.30    11022

The Global Network Description Table (GNDT) describes the sub-networks that a VR is responsible for. The Local Network Description Table (LNDT) describes the VN membership of a node [1].
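The lookup these two tables support, as an added example that is not ViNe's own code: a VR resolves the sender's VNID from the LNDT, then finds the responsible VR in that VN's GNDT by longest-prefix match, and refuses delivery across VNs. The first three host/VNID pairs are those of Table 4.1; the fourth host, the sub-network prefixes, the VR names and the per-VNID layout of the GNDT are assumptions.

```python
import ipaddress

# Constructed sample tables (assumed layout, see lead-in).
LNDT = {  # node -> VNID it is a member of
    "172.16.0.10": 2237,
    "172.16.0.20": 8000,
    "172.16.0.30": 11022,
    "172.16.1.10": 2237,  # constructed: a second member of VN 2237 at another site
}
GNDT = {  # VNID -> {sub-network: VR responsible for it}
    2237: {"172.16.0.0/24": "vr-site-a", "172.16.1.0/24": "vr-site-b"},
    8000: {"172.16.0.0/24": "vr-site-a"},
    11022: {"172.16.0.0/24": "vr-site-a"},
}


def route(src, dst, local_vr, lndt=LNDT, gndt=GNDT):
    """Return the routing decision a VR named local_vr makes for src -> dst."""
    vnid = lndt.get(src)
    if vnid is None:
        return ("drop", "source is not a member of any virtual network")

    # Longest-prefix match, restricted to the sender's own virtual network.
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, vr in gndt.get(vnid, {}).items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, vr)
    if best is None:
        return ("drop", f"VN {vnid} has no route to {dst}")

    vr = best[1]
    if vr != local_vr:
        return ("forward", vnid, vr)  # hand over to the responsible VR
    # Final hop: enforce isolation, the destination must be in the same VN.
    if lndt.get(dst) != vnid:
        return ("drop", f"{dst} is not a member of VN {vnid}")
    return ("deliver", vnid, vr)


if __name__ == "__main__":
    for s, d in [("172.16.0.10", "172.16.1.10"), ("172.16.0.20", "172.16.0.10")]:
        print(s, "->", d, route(s, d, "vr-site-a"))
```

Two hosts on the same physical subnet but in different VNs (172.16.0.20 and 172.16.0.10) cannot reach each other here, which is the isolation property the overlay is meant to provide.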

Fig.4.3. ViNe Header

Unique features of ViNe include:

(1) An application-transparent connectivity recovery mechanism that is based on regular Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) communication and is completely independent of physical infrastructure services (i.e., it can work with any type of firewall).

(2) Dynamically reconfigurable routers that facilitate the management and operation of mutually independent virtual networks.

(3) Flexibility in terms of the number of routers, overlay network topology and virtual network address allocation.

V. TINYVINE

TinyViNe software enables host-to-VR communication on multiple clouds using UDP tunnels. TinyViNe does not require implementing complex network processing.

TinyViNe makes it easy for end users to deploy nodes and routers. It uses IP addresses as assigned by providers [4]. TinyVR processing intercepts packets destined to full VRs. TinyViNe transmits the intercepted packets through UDP tunnels: messages are encapsulated, sent through the tunnel, decapsulated and delivered to the destination [5].
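The encapsulation and decapsulation step described above, as an added example that is not TinyViNe code: an intercepted IPv4 packet is wrapped in a tunnel header and carried as a UDP payload, and the receiving side validates the datagram before delivering the inner packet. The 10-byte header layout, its magic value and all function names are hypothetical; the real ViNe header (Fig.4.3) is not reproduced on this page.

```python
import socket
import struct

# Hypothetical tunnel header: magic(2) | version(1) | reserved(1) | VNID(4) | inner length(2)
HDR = struct.Struct("!2sBBIH")
MAGIC, VERSION = b"TV", 1


def build_ipv4(src, dst, payload):
    """Constructed sample input: a minimal IPv4 packet (checksum left at 0)."""
    s = bytes(int(o) for o in src.split("."))
    d = bytes(int(o) for o in dst.split("."))
    total = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0, s, d) + payload


def encapsulate(vnid, inner):
    """Wrap an intercepted packet for transmission through the UDP tunnel."""
    return HDR.pack(MAGIC, VERSION, 0, vnid, len(inner)) + inner


def decapsulate(datagram, expected_vnid):
    """Validate a received tunnel datagram and return the inner packet."""
    if len(datagram) < HDR.size:
        raise ValueError("truncated tunnel header")
    magic, version, _, vnid, length = HDR.unpack_from(datagram)
    if magic != MAGIC or version != VERSION:
        raise ValueError("not a tunnel datagram")
    if vnid != expected_vnid:
        raise ValueError("VNID does not match this tunnel")
    inner = datagram[HDR.size:]
    if len(inner) != length or length < 20:
        raise ValueError("inner length mismatch")
    # The inner packet must be IPv4 and agree with its own total-length field.
    if inner[0] >> 4 != 4 or struct.unpack_from("!H", inner, 2)[0] != length:
        raise ValueError("inner packet is not well-formed IPv4")
    return inner


def loopback_roundtrip(vnid, inner):
    """Carry one encapsulated packet over a real UDP socket pair on 127.0.0.1."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2)
        tx.sendto(encapsulate(vnid, inner), rx.getsockname())
        datagram, _ = rx.recvfrom(65535)
    return decapsulate(datagram, vnid)


if __name__ == "__main__":
    pkt = build_ipv4("172.16.0.10", "172.16.0.20", b"hello")
    print(loopback_roundtrip(2237, pkt) == pkt)
```

The checks in `decapsulate` matter because a UDP tunnel endpoint accepts datagrams from any sender that can reach its port; this sketch only validates structure and does not authenticate the sender.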

Fig.5.1. TinyViNe Routing

Table 5.1: Interface on other applications, CPU utilization

                        Direct    TinyViNe   ViNe
Matrix Multiplication   95.62%    92.74%     89.04%
Network Application     1.44%     1.17%      1.04%
(Tiny) ViNe Software    -         9.27%      11.98%

TinyViNe enables applications across clouds in parallel bioinformatics applications [3]. TinyViNe is implemented as a service by a cloud provider, in the context broker of a sky provider or by the consumer.

VI. OVERLAY NETWORKS

OTV extends Layer 2 traffic between multiple sites over a Layer 3 network. The edge devices that interconnect data centers are known as OTV edge devices. OTV dynamically encapsulates Layer 2 packets into an IP header for the traffic sent to the remote data centers. Routing Layer 2 traffic on top of a Layer 3 network is known as "MAC routing" transport. MAC routing leverages a control protocol to propagate MAC address reachability information [7].

OTV works across any type of transport (fiber, TCP/IP, and MPLS) extended between the remote sites with the reliability and effectiveness of the Layer 3 protocol. OTV offers several very important innovations:

• OTV connects two or more sites to form a single virtual data center.

• OTV offers a native multicast traffic optimization function between all remote sites [7].

VII. SERVICE-LEVEL AGREEMENT (SLA)

Fig.6.1. Overlay Transport Virtualization

Fig.6.2. Virtual Data Center

SLAs are also defined at different levels:

Customer-based SLA:

An agreement with an individual customer group, covering all the services they use [10].

Service-based SLA:

An agreement for all customers using the services being delivered by the service provider.

Multilevel SLA:

The SLA is split into different levels, each addressing a different set of customers for the same services, in the same SLA.

Corporate-level SLA:

Covering all the generic service level management.

Customer-level SLA:

Covering all SLM issues relevant to the particular customer group, regardless of the services being used.

Service-level SLA:

Covering all SLM issues relevant to the specific services, in relation to this specific customer group [9].

VIII. MAP REDUCE

Map Reduce is a software framework that allows developers to write programs that process massive amounts of unstructured data in parallel across a distributed cluster of processors or stand-alone computers [7].

The framework is divided into two parts:

• Map is a function that parcels out work to different nodes in the distributed cluster.

• Reduce is another function that collates the work and resolves the results into a single value.

The Map Reduce framework is fault-tolerant because each node in the cluster is expected to report back periodically with completed work and status updates.

Fig.8.1. Map Reduce

Table 8.1: Maximum total number of simulation tasks per job

BENCHMARK          MAP                REDUCE
                   HT on    HT off    HT on    HT off
PI                 168      84        1        1
TestDFSIO-Write    140      140       1        1
TestDFSIO-Read     140      140       1        1
TeraGen            280      280       0        0
Terasort           280      280       70       70
TeraValidate       70       70        1        1

IX. VIRTUAL HADOOP

Hadoop is a free, Java-based programming framework that supports the processing of large data sets in a distributed computing environment. Hadoop was inspired by Google's Map Reduce, a software framework in which an application is broken down into numerous small parts. Any of these parts (also called fragments or blocks) can be run on any node.

Fig.9.2. Hadoop Architecture

Table 9.1: Reference Architecture components

Component Name                           Configuration
Name Node                                One VM running the name node and monitoring tool on host1 with shared storage (SAN).
Job Tracker                              One VM running the Job Tracker on host2 with shared storage (SAN).
Workers (Task Tracker and Data Nodes)    One VM or physical machine running both components with direct attached storage (DAS) for HDFS and Map Reduce.

• Name Node (NN) - the master service or interface called by all Hadoop file system operations. The Name Node manages files which exist in a Hadoop system as well as where the data for those files reside.

• Job Tracker (JT) - the master service or interface called by all Map Reduce clients attempting to execute code and work inside a Hadoop cluster.

• Worker - a VM or physical machine running the Hadoop Task Tracker to execute user code and the Data Node to store user data. Hadoop is designed to transparently handle failure of these nodes.

X. SECURITY

A cloud deployment is built on trust. Trust cannot be achieved without control and visibility across the cloud infrastructure, identities, and information [6].

Control + Visibility= Trust

The control is measured in terms of following categories:

Availability: Ensure access to resources and recovery following interruption or failure.

Integrity: Guarantee only authorized persons can use specific information and applications.

Confidentiality/privacy: Protect how information and personal data is obtained and used [5].

The visibility is measured in terms of categories:

Compliance: Meet specific legal requirements and industry standards and rules.

Governance: Establish usage rights and enforce policies, procedures, and controls.

Risk management: Manage threats to business interruption or derived exposures.

To build a trusted cloud:

• Use virtualization as foundation.

• Build control and visibility into your security framework.

• Extend your security perimeter to include applications and endpoints.

• Adopt the three-layer controls framework: controls enforcement, controls management, and security management.

• Select a cloud vendor with offerings that can meet enterprise-class cloud security requirements across private and public clouds.

• Ensure services are secured to a common standard, in a transparent and auditable fashion.

The framework for a trusted cloud is comprised of three critical layers of control:

1. Control enforcement layer:

Security enforcement occurs at this layer. Controls are embedded directly into the virtualization infrastructure for complete coverage and consistency, while simplifying management. This provides protection for the perimeter, information, applications, and even endpoints.

2. Control management layer:

At this layer, enterprises provision and monitor security controls by consolidating administration. Role-based access control enables management and integration of third-party security services. Enterprises must enforce policy for sensitive data, and manage authentication requests and encryption keys.

3. Security management layer:

Policies for compliance, best practices, and risk management are defined here. This layer manages events and alerts, and remediates them as necessary. Integrated GRC tools map regulations and standards to policies, identify risk, analyze and prioritize event data, and continuously assess, remediate, and verify compliance.

Modern firewalls, load balancers, and most stateful devices support the concept of virtual context, which is the ability to support multiple virtual firewalls or virtual load balancers [7]. Security and optimization functions usually require maintaining a stateful session. Therefore, for the same session, the traffic should be returned to the original virtual context that acknowledged the first flow, otherwise the flow will be dropped.
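A minimal model of the session-state rule above (added example, not from the paper or any vendor's code): each virtual context keeps its own session table, so a reply that returns through a different context than the one that saw the first packet finds no state and is dropped. The addresses, ports, policy and the context names dc1 and dc2 are constructed.

```python
from collections import namedtuple

# "initial" marks the first packet of a new connection (e.g. a TCP SYN).
Packet = namedtuple("Packet", "src sport dst dport proto initial")


class VirtualContext:
    """One virtual firewall context with its own, unshared session table."""

    def __init__(self, name, allowed_dports):
        self.name = name
        self.allowed_dports = set(allowed_dports)
        self.sessions = set()

    @staticmethod
    def _key(p):
        # Direction-independent flow key, so return traffic matches the request.
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (p.proto,) + (a + b if a <= b else b + a)

    def process(self, p):
        key = self._key(p)
        if key in self.sessions:
            return "pass"                 # belongs to a session this context created
        if p.initial and p.dport in self.allowed_dports:
            self.sessions.add(key)        # first flow acknowledged by this context
            return "pass"
        return "drop"                     # no state here and not a permitted new flow


def simulate(return_context):
    """Request enters through dc1; the reply returns through return_context."""
    ctx = {n: VirtualContext(n, {443}) for n in ("dc1", "dc2")}
    request = Packet("198.51.100.7", 40000, "172.16.0.10", 443, "tcp", True)
    reply = Packet("172.16.0.10", 443, "198.51.100.7", 40000, "tcp", False)
    return ctx["dc1"].process(request), ctx[return_context].process(reply)


if __name__ == "__main__":
    print("symmetric path :", simulate("dc1"))
    print("asymmetric path:", simulate("dc2"))
```

When a workload moves between interconnected data centers, drops of non-initial packets with no matching session are the symptom to look for in firewall logs.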

XI. PERFORMANCE RESULTS

The performance analysis is made in the following categories:

• Propagation Speed

• Latency

• Transmission Speed

• Delay

• Packet Processing Time

Table 11.1: Qualitative comparison of sky computing

Columns: Technology; Connectivity; Unmodified Applications; Management; Performance

API-based
  Connectivity: No special network operations are required.
  Unmodified applications: Applications need to be modified and recompiled.
  Management: Run-time environment for network operation needs to be deployed.
  Performance: Minimal overhead.

VPN
  Connectivity: VPN solutions do not offer Internet connectivity recovery.
  Unmodified applications: Yes.
  Management: VPN configuration and operation can become too complex for non-experts.
  Performance: High overhead.

P2P-based
  Connectivity: P2P operation is, in general, not affected by cloud network restrictions.
  Unmodified applications: P2P networks require applications to adapt to P2P APIs.
  Management: The self-organizing nature of P2P networks facilitates the deployment and operation.
  Performance: High overhead is observed in both intra- and inter-site communication.

VNET
  Connectivity: VNET does not offer Internet connectivity recovery.
  Unmodified applications: Yes.
  Management: VNET requires configuration that can be complex for non-experts.
  Performance: High network virtualization overhead has been reported.

ViNe
  Connectivity: ViNe uses L2 communication, which can cause ViNe to not work in some cloud network environments.
  Unmodified applications: Yes.
  Management: ViNe requires configuration that can be complex for non-experts.
  Performance: Virtualization overhead-free intra-site communication and low overhead for inter-site communication.

Fig.11.1. Propagation Performance

Fig. 11.2 Packet processing time

Fig.11.3. Time spent on secure file transfer between multiple clouds

Table 11.2: Characteristics of virtual machines

University             Columbia           Fortis        America
Xen VMM                3.10               3.10          3.03
Guest kernel           2.6.18             2.6.18        2.6.1.6
Nimbus version         2.2                2.1           2.1
CPU architecture       AMD Opteron 248    Intel Xeon    Intel Xeon
CPU clock              2.2 GHz            2.4 GHz       2.8 GHz
CPU cache              1 MB               512 MB        2 MB
VCPU per node          2                  2             2
Memory                 3.5 GB             3.5 GB        1.5 GB
Networking             Public             Private       Public
Normalization factor   1.184              1             1.24

Table 11.3: Multiple Cloud Networking and security

VMware cloud Networking and security Comparison

Vcloud networking and security    Vshield

Pricing and Licensing
Price Per VM         $150      $250      $150      $250
List Price           $3.750    $6.250    $3.750    $5.000
Included Licenses    25VM      25VM      25VM      25VM

Features
Firewall                               ✓ ✓ ✓ ✓
VPN                                    ✓ ✓ ✓
VXLAN                                  ✓ ✓
VCloud Ecosystem Framework             ✓ ✓
Network access Translation (NAT)       ✓ ✓ ✓
Dynamic Host Configuration Protocol    ✓ ✓ ✓
High Availability                      ✓
Load Balancing                         ✓ ✓
Data Security                          ✓ ✓
Endpoint                               ✓

Fig.11.5. Cost Reduction

Fig.11.6. Consolidation Gain

Fig.11.7. Cost categories on Business benefits

XI. CONCLUSION AND FUTURE WORK

Sky computing is used to run distributed applications on resources across independently administered cloud infrastructures, so it is essential for all nodes to be able to communicate with each other. The network-connectivity problem and its solutions have been actively studied in different contexts. The problem of cloud intercommunication makes it difficult to find a solution that efficiently supports sky computing.

Future work in sky computing includes end-to-end QoS, connectivity recovery performance optimization, security enhancement in multiple clouds, improved performance in overlay networks, improved scalability in ViNe and TinyViNe routing, and interoperability and full connectivity with high performance.

REFERENCES

[1] Katarzyna Keahey, Mauricio Tsugawa, Andrea Matsunaga, and Jose A.B. Fortes, “Sky Computing”, IEEE Computer Society, 2007, vol9.

[2] I. Foster, C. Kesselman, and S. Tuecke, “The anatomy of the

[3] A. Matsunaga, M. Tsugawa, and J. A. B. Fortes, “Cloud BLAST: Combining MapReduce and Virtualization on Distributed Resources for Bioinformatics Applications,” unpublished.

[4] D. Nurmi, R. Wolski, C. Grzegorczyk et al., “The Eucalyptus Open-Source Cloud computing System,” in Proceedings of the 1st Workshop on Cloud Computing and Its Applications, 2008, vol 22, pp. 150-156.

[5] University of Florida, Argonne National Labs, “Sky Computing on Future Grid and Grid’5000”, 2009, vol4, pp. 180-186.

[6] K. Keahey, and T. Freeman, “Contextualization: Providing OnClick Virtual Clusters,” in Proc. 4th IEEE Int. Conf. on e-Science, 2008, Indianapolis, pp. 301-308.

[7] Arthur W. Coviello, Jr, David Hunter, “A Secure Cloud: Is There Such a Thing”, Available: [online] www.vmware.com, www.rsa.com.

[8] L. Deri, and R. Andrews, “N2N: A Layer Two Peer-to-Peer VPN,” in Proc. 2nd Int. Conf. on Autonomous Infrastructure, Management and Security, 2008, pp. 53-64.

Vani.N

The author Vani. N is a native of Bellary District, Karnataka, India. Her date of birth is 16-12-1987. She completed an M.Tech in Computer Networking from AMC Engineering College. She has been working as an Assistant Professor in the CSE department at RYMEC College of Engineering and Technology, Bellary, for the past two years. Her area of interest includes Cloud Computing.

Email: [email protected]

J. Gayatri

The author J. Gayatri is a native of Bellary District, Karnataka, India. Her date of birth is 12-1-1986. She completed an M.Tech in Digital Electronics from BITM, Bellary. She has been working as an Assistant Professor in the IT department at RYM Engineering College, Bellary, for the past three years. Her area of interest includes Image Processing. Email: [email protected]

Radha .N

The author Radha. N is a native of Bellary District, Karnataka, India. Her date of birth is 19-09-1988. She is pursuing an M.Tech in Bioinformatics from PESIT Engineering College. Her area of interest includes Biotechnology. Email-Id: [email protected]

A. Anitha

Fig. 11.4 processing time of symmetric key encryption